Entities allowed before slashes on a protocol relative URL
4
4
4
You can place whitespace before slashes, this vector finds out what entities you can place before them.
Created by: hackvertor
Created on: Saturday, July 6, 2024 at 12:12:14 PM
Updated on: Friday, December 6, 2024 at 4:34:33 PM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const div = document.createElement('div')
Template used:
div.innerHTML='<a href="$[data1]//example.com">';
if(div.querySelector('a').host === 'example.com') {
log('$[data1]');
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
div.innerHTML='<a href="\//example.com">';
if(div.querySelector('a').host === 'example.com') {
alert('\');
}
div.innerHTML='<a href="
//example.com">';
if(div.querySelector('a').host === 'example.com') {
alert('
');
}
div.innerHTML='<a href="///example.com">';
if(div.querySelector('a').host === 'example.com') {
alert('/');
}
div.innerHTML='<a href="	//example.com">';
if(div.querySelector('a').host === 'example.com') {
alert('	');
}
Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Sat Jul 06 2024
Found 4 results
Loading...
Firefox 127.0 desktop macOS 10.15
Updated
Sat Jul 06 2024
Found 4 results
Loading...
Chrome 130.0.0.0 desktop macOS 10.15.7
Updated
Mon Oct 28 2024
Found 4 results
Loading...